April 11, 2022

A hacker group called NB65 is targeting Russian organizations with ransomware attacks that use the leaked Conti Ransomware source code.

Russian organisations attacked by the group include document management operator Tensor, Russian space agency Roskosmos and Russian state television and radio station VGTRK.

During the numerous attacks, the group stole and leaked online data belonging to the organizations online. The group also claimed that the attacks were due to Russia’s invasion of Ukraine.

After NB65’s sample was uploaded, researchers discovered that the group had only edited the leaked source code for the Conti Ransomware Group. Conti, a Russian ransomware gang, expressed their stance not to attack any Russian companies.

Conti’s source code was leaked after the group sided with Russia following the invasion of Ukraine. A security researcher leaked 170,000 internal chat messages and the source code for the group’s operations.

Since the source code was leaked, researchers predicted that other ransomware gangs could use it to start another ransomware campaign.

The sources for this piece include an article in BleepingComputer.